India, Pakistan hit by spy malware, likely from a state: Symantec

A Symantec security app is seen on a phone. PHOTO: REUTERS

MUMBAI • Symantec, a digital security company, said it has identified a sustained cyber-spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October last year.

The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with "similar goals or under the same sponsor", probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.

The detailed report on the cyber-spying comes at a time of heightened tensions in the region.

India's military had been involved in a face-off with Chinese troops at Doklam, a disputed area along the two countries' frontier, while Indo-Pakistan tensions are also simmering over the disputed Kashmir region.

Symantec said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware.

The malware relies on a backdoor known as "Ehdoor" to access files on infected computers.

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News and The Hindu, and were related to military issues, Kashmir and an Indian secessionist movement.

The malware allows spies to upload and download files, run processes, log keystrokes, identify the target's location, steal personal data and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.

In response to frequent cyber-security incidents, India in February established a centre to help companies and individuals detect and remove malware.

The centre is operated by the Indian Computer Emergency Response Team (CERT-In).

Mr Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report. But he said: "We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us." He did not elaborate.


A version of this article appeared in the print edition of The Straits Times on August 29, 2017, with the headline 'India, Pakistan hit by spy malware, likely from a state: Symantec'.